海报:隐藏在普通的视线:一个文件系统的数据完整性和保密性

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security Pub Date : 2017-10-30 DOI:10.1145/3133956.3138841

Anne Kohlbrenner, F. Araujo, Teryl Taylor, M. Stoecklin

{"title":"海报:隐藏在普通的视线:一个文件系统的数据完整性和保密性","authors":"Anne Kohlbrenner, F. Araujo, Teryl Taylor, M. Stoecklin","doi":"10.1145/3133956.3138841","DOIUrl":null,"url":null,"abstract":"A filesystem capable of curtailing data theft and ensuring file integrity protection through deception is introduced and evaluated. The deceptive filesystem transparently creates multiple levels of stacking to protect the base filesystem and monitor file accesses, hide and redact sensitive files with baits, and inject decoys onto fake system views purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. Our prototype implementation leverages a kernel hot-patch to seamlessly integrate the new filesystem module into live and existing environments. We demonstrate the utility of our approach with a use case on the nefarious Erebus ransomware. We also show that the filesystem adds no I/O overhead for legitimate users.","PeriodicalId":191367,"journal":{"name":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","volume":"308 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-10-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality\",\"authors\":\"Anne Kohlbrenner, F. Araujo, Teryl Taylor, M. Stoecklin\",\"doi\":\"10.1145/3133956.3138841\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"A filesystem capable of curtailing data theft and ensuring file integrity protection through deception is introduced and evaluated. The deceptive filesystem transparently creates multiple levels of stacking to protect the base filesystem and monitor file accesses, hide and redact sensitive files with baits, and inject decoys onto fake system views purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. Our prototype implementation leverages a kernel hot-patch to seamlessly integrate the new filesystem module into live and existing environments. We demonstrate the utility of our approach with a use case on the nefarious Erebus ransomware. We also show that the filesystem adds no I/O overhead for legitimate users.\",\"PeriodicalId\":191367,\"journal\":{\"name\":\"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security\",\"volume\":\"308 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2017-10-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/3133956.3138841\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3133956.3138841","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

介绍并评估了一种能够通过欺骗来减少数据盗窃和确保文件完整性保护的文件系统。欺骗性文件系统透明地创建了多层堆叠，以保护基本文件系统和监视文件访问，用诱饵隐藏和编辑敏感文件，并将诱饵注入提供给不受信任主体的假系统视图，同时保持合法进程的原始状态。我们的原型实现利用内核热补丁将新的文件系统模块无缝地集成到实际和现有的环境中。我们用一个关于邪恶的Erebus勒索软件的用例来演示我们的方法的实用性。我们还展示了文件系统不会为合法用户增加I/O开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality

查看原文本刊更多论文

POSTER: Hidden in Plain Sight: A Filesystem for Data Integrity and Confidentiality

A filesystem capable of curtailing data theft and ensuring file integrity protection through deception is introduced and evaluated. The deceptive filesystem transparently creates multiple levels of stacking to protect the base filesystem and monitor file accesses, hide and redact sensitive files with baits, and inject decoys onto fake system views purveyed to untrusted subjects, all while maintaining a pristine state to legitimate processes. Our prototype implementation leverages a kernel hot-patch to seamlessly integrate the new filesystem module into live and existing environments. We demonstrate the utility of our approach with a use case on the nefarious Erebus ransomware. We also show that the filesystem adds no I/O overhead for legitimate users.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

自引率

0.00%

发文量